FRE-4471: Scaffold DarkWatch MVP — monorepo, schema, services, API routes, tests

- Turborepo monorepo structure (packages: api, db, types, jobs; services: darkwatch)
- Prisma schema: User, WatchListItem, Exposure, Alert, ScanJob models
- WatchListService: CRUD with normalization, dedup, tier-based limits
- HIBPService: API integration with severity scoring
- MatchingEngine: exact-match with content hash dedup
- AlertPipeline: dedup window, email notifications
- ScanService: orchestrates watch list -> HIBP -> match -> alert flow
- BullMQ job workers for scan and alert processing
- Fastify API routes: watchlist, exposures, alerts, scan
- Docker Compose: PostgreSQL 16 + Redis 7
- 15 unit tests passing
- Implementation plan document uploaded

packages/api/src/server.ts

@@ -0,0 +1,31 @@
+import Fastify from "fastify";
+import cors from "@fastify/cors";
+import helmet from "@fastify/helmet";
+import sensible from "@fastify/sensible";
+import { darkwatchRoutes } from "./routes";
+
+const app = Fastify({
+  logger: {
+    level: process.env.LOG_LEVEL || "info",
+  },
+});
+
+async function bootstrap() {
+  await app.register(cors, { origin: true });
+  await app.register(helmet);
+  await app.register(sensible);
+
+  await app.register(darkwatchRoutes);
+
+  app.get("/health", async () => ({ status: "ok", timestamp: new Date().toISOString() }));
+
+  try {
+    await app.listen({ port: parseInt(process.env.PORT || "3000", 10), host: "0.0.0.0" });
+    app.log.info(`Server listening on port ${process.env.PORT || 3000}`);
+  } catch (err) {
+    app.log.error(err);
+    process.exit(1);
+  }
+}
+
+bootstrap();